Debians sikkerhedsbulletin
DSA-291-1 ircii -- bufferoverløb
- Rapporteret den:
- 22. apr 2003
- Berørte pakker:
- ircii
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 7098, BugTraq-id 7095, BugTraq-id 7094, BugTraq-id 7093.
I Mitres CVE-ordbog: CVE-2003-0323. - Yderligere oplysninger:
-
Timo Sirainen har opdaget flere problemer i ircII, en populær klient til Internet Relay Chat (IRC). På en ondsindet server kunne der laves særlige svarstrenge, der kunne få klienten til at skrive ud over buffergrænser. Dette kunne føre til et lammelsesangreb, hvis klienten kun gik ned, men kunne også føre til udførelse af vilkårlig kode under den chattende brugers brugerid.
I den stabile distribution (woody) er disse problemer rettet i version 20020322-1.1.
I den gamle stabile distribution (potato) er disse problemer rettet i version 4.4M-1.1.
I den ustabile distribution (sid) er disse problemer rettet i version 20030315-1.
Vi anbefaler at du opgraderer din ircII-pakke.
- Rettet i:
-
Debian GNU/Linux 2.2 (potato)
- Kildekode:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1.dsc
- http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1.diff.gz
- http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M.orig.tar.gz
- http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_i386.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_m68k.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_powerpc.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_sparc.deb
Debian GNU/Linux 3.0 (woody)
- Kildekode:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1.dsc
- http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1.diff.gz
- http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322.orig.tar.gz
- http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.